Documentation
Index
- Constants
- func CheckGroup(ctx context.Context, user, groupName string, k8sClient client.Client) (bool, error)
- func ContainsString(slice []string, s string) bool
- func DeletionTimeStampExists(object client.Object) bool
- func IndexOf(element string, a []string) (int, error)
- func IsUserInGroup(user string, group userv1.Group) bool
- func ShouldReconcile(phase danav1.Phase) bool
- func ValidateNamespaceExist(ns *objectcontext.ObjectContext) admission.Response
- func ValidatePermissions(ctx context.Context, aNS []string, ...) admission.Response
- func ValidatePermittedGroups(ctx context.Context, user string, k8sClient client.Client) (bool, error)
- func ValidateSecondaryRoot(ctx context.Context, c client.Client, aNSArray, bNSArray []string) admission.Response
- func ValidateToNamespaceName(ns *objectcontext.ObjectContext, toNSName string) admission.Response
Constants
const PermittedGroups = "PERMITTED_GROUPS"
Variables
This section is empty.
Functions
func CheckGroup
CheckGroup accepts a group name and a username, fetches the group, and checks whether the user is in it.
func ContainsString
ContainsString checks if a string is present in a slice of strings.
func DeletionTimeStampExists
DeletionTimeStampExists returns true if an object is being deleted, and false otherwise.
func IsUserInGroup
IsUserInGroup returns true if the given user is in the given group.
func ShouldReconcile
ShouldReconcile returns true if the Phase given as argument is not Complete or Error, meaning that reconciliation needs to take place.
func ValidateNamespaceExist
func ValidateNamespaceExist(ns *objectcontext.ObjectContext) admission.Response
ValidateNamespaceExist validates that a namespace exists.
func ValidatePermissions
func ValidatePermissions(ctx context.Context, aNS []string, aNSName, bNSName, ancestorNSName, reqUser string, branch bool, k8sClient client.Client) admission.Response
ValidatePermissions checks whether a registered user has the needed permissions on the namespaces and denies the request otherwise. There are 4 scenarios in which the request is allowed:
- the user is in a permitted group;
- the user has the needed permissions on the Ancestor of the two namespaces;
- the user has the needed permissions on both namespaces;
- the user has the needed permissions on the namespace from which resources are moved and both namespaces are in the same branch (only checked when the branch flag is true).
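The four allow scenarios above, modelled as a stand-alone, deny-by-default decision function. This is an added example, not the package's implementation: the request and policy types, the decide and samplePolicy functions, the sample data, and the sameBranch input are all assumptions made for illustration.

```go
package main

import "fmt"

// Hypothetical model, not the package's code: every name below is illustrative.

// request carries the facts the decision depends on.
type request struct {
	user       string
	fromNS     string // namespace resources are moved from
	toNS       string // namespace resources are moved to
	ancestorNS string // ancestor of the two namespaces
	sameBranch bool   // assumed to be computed by the caller from the hierarchy
	branch     bool   // whether the same-branch scenario is checked at all
}

// policy is constructed sample state standing in for cluster lookups.
type policy struct {
	permitted map[string]bool            // users that belong to a permitted group
	perms     map[string]map[string]bool // namespace -> user -> has needed permissions
}

func (p policy) can(user, ns string) bool { return p.perms[ns][user] }

// decide denies by default and reports which scenario allowed the request.
func decide(p policy, r request) (bool, string) {
	switch {
	case p.permitted[r.user]:
		return true, "permitted group"
	case p.can(r.user, r.ancestorNS):
		return true, "ancestor"
	case p.can(r.user, r.fromNS) && p.can(r.user, r.toNS):
		return true, "both namespaces"
	case r.branch && r.sameBranch && p.can(r.user, r.fromNS):
		return true, "source namespace, same branch"
	}
	return false, "denied"
}

// samplePolicy returns constructed data: alice holds permissions on team-a only.
func samplePolicy() policy {
	return policy{
		permitted: map[string]bool{"admin": true},
		perms:     map[string]map[string]bool{"team-a": {"alice": true}},
	}
}

func main() {
	r := request{user: "alice", fromNS: "team-a", toNS: "team-b", ancestorNS: "org", sameBranch: true}
	fmt.Println(decide(samplePolicy(), r)) // branch flag is false, so scenario 4 is not checked
}
```

The fourth scenario is the only one that grants access with permissions on a single namespace, so it is the one worth covering with both a branch=false and a sameBranch=false negative test.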
func ValidatePermittedGroups
func ValidatePermittedGroups(ctx context.Context, user string, k8sClient client.Client) (bool, error)
ValidatePermittedGroups validates whether the user is in a permitted group.
func ValidateSecondaryRoot
func ValidateSecondaryRoot(ctx context.Context, c client.Client, aNSArray, bNSArray []string) admission.Response
ValidateSecondaryRoot denies the request if trying to perform UpdateQuota involving namespaces from different secondary root namespaces. A secondary root is the first subnamespace after the root namespace in the hierarchy of a subnamespace.
func ValidateToNamespaceName
func ValidateToNamespaceName(ns *objectcontext.ObjectContext, toNSName string) admission.Response
ValidateToNamespaceName validates that a namespace is not trying to be migrated to be under the same namespace it's already in.
Types
This section is empty.